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CLAIMS 

We claim: 

1 . A method for controlling access to an object in an operating system, the method 
comprising: 

5 receiving a call from an external object to a first interface of a target object; 

at the target object, determining whether the external object has access to other 
interfaces of the target object based on the call to the first interface; and 

granting access to the other interfaces according to the determination. 



10 2. A method as recited in claim 1, wherein determining whether the external object 
has access to other interfaces of the target object further comprises examining a security 
policy contained within the target object. 



3. A method as recited in claim 2, wherein the security policy is contained entirely 
1 5 within the target object. 



4. A method as recited in claim 1 , further comprising determining whether the 
external object and the target object operate in the same process. 

20 5. A method as recited in claim 1, wherein determining whether the external object 
has access to other interfaces of the target object further comprises: 

identifying other interfaces of the target object that can be accessed when the first 
interface is being requested by the external object. 
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6. A method as recited in claim 1, further comprising determining a first process of 
the target object. 

7. A method as recited in claim 6, further comprising determining a second process of 
5 the external object. 

8. A method as recited in claim 7, further comprising performing a cross-process 
communication between the target object and the external object. 

10 9. A method as recited in claim 1, further comprising securing a channel for each 
interface of the target object. 

10. A method as recited in claim 1, wherein determining whether the external object 
has access to other interfaces of the target object further comprises analyzing access 

1 5 constraints within the target object. 

11. A method as recited in claim 1 , further comprising analyzing interface access data 
stored within the target object. 

20 12. A method as recited in claim 1, further comprising determining whether the target 
object and the external object are in a same protection domain. 

13. A method as recited in claim 12, wherein the protection domain is a process. 
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14. A method as recited in claim 1, wherein the target object sets its own security 
policy. 



15. A method as recited in claim 1, wherein determining whether the external object 
5 has access to other interfaces further comprises determining the capabilities of the external 
object. 

15. A method as recited in claim 14, further comprising mapping the capabilities of the 
external object to the interfaces of the target object. 

10 

16. A method as recited in claim 1, wherein the target object and the external object 
are created using a same methodology. 



17. A method as recited in claim 1, wherein the target object and the external object 
1 5 are views in a view hierarchy. 



18. A method as recited in claim 17, wherein a view has a parent calling interface, a 
child calling interface, and a child managing interface. 



20 19. A system that controls access to an object in an operating system, the system 
comprising: 

a module configured to receive a call from an external object to a first interface of 
a target object; 

a module configured to determining whether the external object has access to other 
25 interfaces of the target object based on the call received at the first interface; and 
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a module configured to grant access to the other interfaces according to the 
determination. 



20. A system that controls access to an object in an operating system, the system 
5 comprising: 

means for receiving a call from an external object to a first interface of a target 

object; 

means for determining, at the target object, whether the external object has access 
to other interfaces of the target object based on the call to the first interface; and 
1 0 means for granting access to the other interfaces according to the determination. 



21. A computer readable medium storing instructions for controlling a computer 
device to control access to an object in an operating system, the instructions comprising: 
receiving a call from an external object to a first interface of a target object; 
15 at the target object, determining whether the external object has access to other 

interfaces of the target object based on the call to the first interface; and 

granting access to the other interfaces according to the determination. 



22. A method for securing an object in a computing device operating system, the 
20 method comprising: 

determining one or more access constraints of a first object; 

identifying a protection domain that has a security profile that corresponds to the 
one or more access constraints of the first object; and 

placing the first object in the protection domain. 

25 
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23. A method as recited in claim 22, further comprising creating the first object and a 
second object using the same methodology. 

24. A method as recited in claim 23, wherein the first object and the second object can 
5 communicate transparently across two or more protection domains. 

25. A method as recited in claim 22, wherein the protection domain is a process. 

26. A method as recited in claim 22, further comprising creating an object-to-object 
10 security model wherein security constraints for an object are contained within the object. 

27. A method as recited in claim 22, wherein identifying a protection domain further 
comprises attempting to identify a protection domain that is local relative to the first 
object. 

15 

28. A method as recited in claim 22, further comprising creating a process based on 
security requirements of the operating system. 

28. A method as recited in claim 28, further comprising clustering objects in the 
20 process based on security policies of the objects. 

29. A system for securing an object in a computing device operating system, the 
system comprising: 

means for determining one or more access constraints of a first object; 
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means for identifying a protection domain that has a security profile that 
corresponds to the one or more access constraints of the first object; and 
means for placing the first object in the protection domain. 
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